Splunk Search

Discussions

Thread Info

How do I use rex to extract fields from my sample data and get the count?

I want to extract fields. This is the log: country=us,name = [peter, susan, jack],city=nyc When I do this...

by New Member in

How to search for IP addresses that have been hit on more than one port within a short period of time?

I have been trying to figure out on how to do a search for IP addresses that were hit on more than one Port in a shor...

by Engager in

Why does placing "table _time" after timechart make x-axis labels disappear on JSChart?

I have a simple search like: sourcetype="A" | timechart span="1h" avg(x) as AvgCode and the resulting visualiz...

by Communicator in

Why am I getting error "Invalid time bounds in search" using inputlookup on a CSV file containing date ranges?

Hi, I'm trying to run this search: index="proxy" [|inputlookup TEST.csv | return 2 $IPs $dates] My TEST.csv...

by Explorer in

How to increase subsearch maxout limit?

Hello, I would like to run a scheduled report once. A very log time search, I don't care about performance or time...

by Path Finder in

How to get accurate transaction results for VPN Sessions which start or end at either side of the search time boundaries?

Good morning. I hope you can help. I have been tasked with creating a chart for the top 25 users who spend the lon...

by Path Finder in

How do I edit my search to display users with more than 2 login failures on a server?

I am trying to craft a search which will display the users who have failed logins more than 2 times against a server....

by New Member in

How to search a list of IPs between specific time ranges from a lookup CSV file?

I am looking to search for a given value (an IP in this case) between a specific time range. This is easy to do as a ...

by Path Finder in

pass a subsearch result to the head command

I am trying to pass the numeric result of a subsearch to the head command with no success, can anyone see what I am d...

by Contributor in

How do I edit my search to only display results based on these conditions?

index=app sourcetype=epcpromotionsevent | stats count as num by eventName,hotelId The search above will display ...

by Explorer in

Why is the cluster search command not returning any data?

Hi, I'm trying to use the Cluster Command to list our Authentication API used by Client IP's. Through searching th...

by New Member in

Inconsistent results when searching using dedup sortby -_time

I'm monitoring log files and want to generate reports using the most recent event types I'm seeing an inconsistent...

by New Member in

Why am I getting different results for "stats count" and "tstats count"?

Hi All, I'm getting a different values for stats count and tstats count. Sometimes the data will fix itself after ...

by Explorer in

How do I filter out DEBUG entries from a linux / Unix logfile with the heavy forwarder?

We're having some licensing violations when we need to turn on DEBUG on some of our services and we'd like to just ha...

by Communicator in

Does Splunk support any Identity Providers other than PingFederate's Ping Identity?

I am trying to integrate Splunk with an internal Identity Provider but have been unsuccessful. I know that Splunk sup...

by Path Finder in

how can you search a lookup table for a value entered in a text box?

I am trying to write a search where I pull data from a lookup table where one field in the lookup matches the value e...

by Communicator in

How to create a timechart using eval to create the fields and control the values by date?

I think this can be done, but I am having some troubles... This is what i am starting with, but not sure how to ge...

by Motivator in

Can i have a download option for the graphs created in splunk ?

Hi , I have created a form search which gives me a bar graph output. can i have a download option for downloading ...

by Motivator in

How do I edit my search to get the average response time without using the transaction command?

I am trying to get average response time without the transaction command. Events are running into millions, so the se...

by Explorer in

How to create a report on error codes and how many times each occurred over a period of time using regex and timechart?

In my application, it will print some error codes like OPT-00A001, OPT-00A002, OPT-00A003, upto OPT-00A010. I need to...

by Explorer in

How to display filler gauge displays horizontally in Simple XML?

How to display filler gauge displays horizontally in simple xml

by Communicator in

How to create a search to show a trending single value for the last 60 minutes of data with a trending arrow comparing the previous 60 minutes?

Hi, Sorry if this has been answered before, however, I am struggling with a search that I am trying to build. ...

by Explorer in

How to break events on Particular field using Regex or any other process?

Hi All, Below is my event data: Issue 1: 11/11/15 1:26:01.000 PM Job Id, Class Id,"Id","Success","Created...

by Explorer in

How to write a search to return values from source1 that do not appear in source2 and source3?

Hi Splunkers, I have three sources in my Splunk deployment: (all_cardnumbers.csv, fraud_detect1_card.csv and frau...

by Communicator in

How to transform this date format from 20151412 to 2015-14-12 using rex?

Hi, I am getting the input source file date from the name of the file itself (sourcefilename20151412.csv), like th...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I use rex to extract fields from my sample data and get the count?

How to search for IP addresses that have been hit on more than one port within a short period of time?

Why does placing "table _time" after timechart make x-axis labels disappear on JSChart?

Why am I getting error "Invalid time bounds in search" using inputlookup on a CSV file containing date ranges?

How to increase subsearch maxout limit?

How to get accurate transaction results for VPN Sessions which start or end at either side of the search time boundaries?

How do I edit my search to display users with more than 2 login failures on a server?

How to search a list of IPs between specific time ranges from a lookup CSV file?

pass a subsearch result to the head command

How do I edit my search to only display results based on these conditions?

Why is the cluster search command not returning any data?

Inconsistent results when searching using dedup sortby -_time

Why am I getting different results for "stats count" and "tstats count"?

How do I filter out DEBUG entries from a linux / Unix logfile with the heavy forwarder?

Does Splunk support any Identity Providers other than PingFederate's Ping Identity?

how can you search a lookup table for a value entered in a text box?

How to create a timechart using eval to create the fields and control the values by date?

Can i have a download option for the graphs created in splunk ?

How do I edit my search to get the average response time without using the transaction command?

How to create a report on error codes and how many times each occurred over a period of time using regex and timechart?

How to display filler gauge displays horizontally in Simple XML?

How to create a search to show a trending single value for the last 60 minutes of data with a trending arrow comparing the previous 60 minutes?

How to break events on Particular field using Regex or any other process?

How to write a search to return values from source1 that do not appear in source2 and source3?

How to transform this date format from 20151412 to 2015-14-12 using rex?

Can’t make it to .conf25? Join us online!

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!